2 matches found
CVE-2012-1067
CVE-2012-1067 affects the WP-RecentComments WordPress plugin (2.0.7) with a SQL injection via the id parameter in the rc-content action to index.php. The underlying issue is an injectable SQL command path that allows remote attackers to execute arbitrary SQL. In published materials, exploitation ...
CVE-2012-1068
The CVE-2012-1068 entry concerns the WP-RecentComments WordPress plugin (before 2.0.7). The vulnerability is an XSS in the rc_ajax function in core.php that allows an attacker to inject arbitrary web script or HTML via the page parameter, related to AJAX paging. Affected component: WordPress WP-R...